CVE-2026-53074

UNKNOWN 0.0

bpf: reject short IPv4/IPv6 inputs in bpf_prog_test_run_skb

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

In the Linux kernel, the following vulnerability has been resolved: bpf: reject short IPv4/IPv6 inputs in bpf_prog_test_run_skb bpf_prog_test_run_skb() calls eth_type_trans() first and then uses skb->protocol to initialize sk family and address fields for the test run. For IPv4 and IPv6 packets, it may access ip_hdr(skb) or ipv6_hdr(skb) even when the provided test input only contains an Ethernet header. Reject the input earlier if the Ethernet frame carries IPv4/IPv6 EtherType but the L3 header is too short. Fold the IPv4/IPv6 header length checks into the existing protocol switch and return -EINVAL before accessing the network headers.

Vendor	linux
Product	linux
Ecosystems	Linux Kernel
Industries	Technology
Published	Jun 24, 2026

Stay Ahead of the Next One

Get instant alerts for linux linux

Be the first to know when new unknown vulnerabilities affecting linux linux are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Linux / Linux

fa5cb548ced61b9d3095f32f8a7e427a248c65ee < 7254267799d083280c0e53effc101a33add95f7b fa5cb548ced61b9d3095f32f8a7e427a248c65ee < 6a9f38d5ff11e00bc54baab752642978805e81eb fa5cb548ced61b9d3095f32f8a7e427a248c65ee < e6aa481f21fc7a41ed344767ea25aae9d03fae71 fa5cb548ced61b9d3095f32f8a7e427a248c65ee < 0a04db240effd85773f66244645a28cedddb72d2 fa5cb548ced61b9d3095f32f8a7e427a248c65ee < 1f882c492d46f90bdb36f4936876c88c28dab21c fa5cb548ced61b9d3095f32f8a7e427a248c65ee < 8042240412de3222d27b31e89d29336961cad9e4 fa5cb548ced61b9d3095f32f8a7e427a248c65ee < 6def5fe753cbe5b279ee5fd10327b2611cbddaca fa5cb548ced61b9d3095f32f8a7e427a248c65ee < 12bec2bd4b76d81c5d3996bd14ec1b7f4d983747

Linux / Linux

5.9

References

NVD ↗ CVE.org ↗ EPSS Data ↗